FAQ

In the log analysis function of Managed Firewall / UTM, what does each item displayed in the Raw log field mean?


The main items in the Raw log and their meanings are as follows.

1. The meaning of each item displayed in the Raw log field.

| Item | Meaning of item |
|---|---|
| type = | Displays the type of log. For traffic logs, [type = traffic] is displayed. For security logs, [type = utm] is displayed. |
| subtype = | Displays the type of log. For traffic logs, [subtype = forward] is displayed. For security logs, the UTM function that detected the event is displayed ([subtype = ips], etc.). |
| srcip = | Displays the source IP address. |
| srcintf = | Displays the interface on which the communication entered (was received by) the Managed Firewall / UTM. |
| dstip = | Displays the destination IP address. |
| dstintf = | Displays the interface on which the communication was output (sent) by the Managed Firewall / UTM. |
| proto = | Displays the protocol number described in the IP header. ICMP: [proto = 1], TCP: [proto = 6] and UDP: [proto = 17]. |
| action = | Displays the result of processing the communication in Managed Firewall / UTM. When communication is permitted, UDP / ICMP: [action = accept] and TCP: [action = close]. Note: when TCP communication ends, the log is output as [action = close]. |
| policyid = | Displays the Policy ID of the Firewall Policy that the communication matched on Managed Firewall / UTM. |
| trandisp = dnat | Displayed when SourceNAT or DestinationNAT is applied. For SourceNAT, [trandisp = snat] is displayed. For DestinationNAT, [trandisp = dnat] is displayed. |
| tranip = | Displays the IP address translated when Destination NAT is applied. |
| tranport = | Displays the port number (translated by Port Forward) when Destination NAT is applied. Note: if Port Forward is not set, the destination port is displayed as [tranport =]. |
| duration = | Displays the time (in seconds) from the start of communication to the end. |

Reference: Tutorials - Managed Firewall / Managed UTM - Log Analytics
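The following Python sketch is an added example, not code from the service or its documentation: it splits one Raw log line into its items and interprets them with the meanings listed in the table above. The sample line is constructed, and the line layout (space-separated `key=value` items, some values in double quotes) and the function names are assumptions.

```python
import shlex

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}  # protocol numbers named in the table

# Constructed sample line, not real traffic. Assumed layout: space-separated
# key=value items, with some values wrapped in double quotes.
SAMPLE = (
    'type=traffic subtype=forward srcip=192.0.2.10 srcintf="port4" '
    'dstip=198.51.100.20 dstintf="port5" proto=6 action=close policyid=12 '
    'trandisp=dnat tranip=10.0.0.5 tranport=8443 duration=42'
)


def parse_raw_log(line):
    """Split one Raw log line into a dict of its items."""
    fields = {}
    for token in shlex.split(line):  # keeps a quoted value as one token
        key, sep, value = token.partition("=")
        if sep:  # ignore stray tokens that carry no '='
            fields[key] = value
    return fields


def to_int(value):
    """Return value as int, or None when it is missing or not numeric."""
    return int(value) if value is not None and value.isdigit() else None


def summarize(fields):
    """Interpret parsed items using the meanings given in the table."""
    proto = to_int(fields.get("proto"))
    action = fields.get("action")
    # Table: permitted UDP/ICMP is logged as accept, permitted TCP as close.
    permitted = (proto in (1, 17) and action == "accept") or (proto == 6 and action == "close")
    dnat = fields.get("trandisp") == "dnat"
    return {
        "security_log": fields.get("type") == "utm",  # utm = security, traffic = traffic
        "protocol": PROTO_NAMES.get(proto, f"proto={proto}"),
        "permitted": True if permitted else None,  # None: action not covered by the table
        "policy_id": to_int(fields.get("policyid")),
        "nat": fields.get("trandisp"),  # snat, dnat, or None when no NAT applied
        "translated_dst": f'{fields.get("tranip")}:{fields.get("tranport")}' if dnat else None,
        "duration_s": to_int(fields.get("duration")),
    }


if __name__ == "__main__":
    print(summarize(parse_raw_log(SAMPLE)))
```

A `permitted` value of `None` means the line's action is one the table does not describe, so it should be reviewed rather than assumed to be a block.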
